Jump to content

Clients Can't Connect To Karma


Recommended Posts

Hi People

I've just bought a Pineapple a month ago from Hak.5

Can't get it to work

Don't know what I’m doing wrong.

Basically I start karma and have a bunch of clients which were previously connected to some SSID.

And that SSID is not being currently broadcasted.

When I start Karma,

All i see is my pc which I’ve connected myself to the Pineapple SSID

I've tried adding the SSID to whitelist,

Still doesn’t work.

Tried using different SSID's with WEP, WPA, and WPA2-PSK

Still won’t work

Any help and advice is much appreciate

Link to comment
Share on other sites

I don't quite understand what you’re saying.

But I'll tell you what I exactly did

A workstation in my house is connected to my wireless router using the xxx SSID.

What I do is turn the wireless router off.

So that SSID is not being broadcasted anymore

Turn on Karma.

Then turn on the workstation which was connected to the xxx SSID.

So why does Karma not pick it up?

Using inssider I could actually see that a SSID with the same name xxx is being

Broadcasted from Jasager

But the victim/client won’t connect to it automatically

Wireless settings are configured to make sure it connects automatically to xxx.

Link to comment
Share on other sites

What operating system is the workstation? If the original access point is running any sort of encryption, Windows Vista will refuse to connect to Jasager, and Windows 7 will not automatically connect (though it won't put up a fight like Vista does).

Link to comment
Share on other sites

The workstation is running Windows 7.

The orignal access point used WPA2-PSK wit AES.

I've tried using an open connection (no passwords)& it still won't work.

Wasn't clients automatically connecting to Jasager, The main reason why people buy it ?

Link to comment
Share on other sites

Pre XP SP2 Windows would associate with an AP and negotiate downwards on encryption till it gets to no encryption, from SP2 onwards if the client expects the AP to be WPA then it won't associate if it isn't WPA, same for all other encryption types.

Some different client apps will still associate as the pre-SP2 ones but most won't.

Link to comment
Share on other sites

Okay, First of all thank-you for your reply.

I've got a victim running Windows XPSP3 and another Victim running Windows 7.

Both of them are connected to a Open Wireless network without any encryption.

Then I turn off my access point,

So that SSID is not broadcasted anymore.

Turn on Jasager & Karma

Jasager fakes that SSID and shows it in Wireless networks.

But my clients/victims wont automatically connect to it.

Why is that happening ?

Link to comment
Share on other sites

  • 2 weeks later...

Are you seeing the SSID in the preferred network list or in a list when you scan for available APs?

If you fancy a challenge boot a BT5 live cd on one of the machines, put the card into monitor mode and watch the wifi traffic with Wireshark. Then you will be able to see exactly what is happening.

Link to comment
Share on other sites

  • 5 months later...
  • 2 months later...

hope this thread is not dead yet.

to your question:

maybe both ;)

when "debugging" or simply sniffing the packets you will find the needed informations in your dumped packets.

give wireshark a try ;)

but i can confirm that windows boxes running xpsp3 and later won't autoconnect to karma,

all you can do is waiting that someone is dumb enough to manually connect to the karma'd ap..

what i cannot say is which os's will still connect automatically to the rouge ap,

but regarding to several hak5 videos with darren, macs are a possibilty...

maybe darren could answer to this

cheers phk

Link to comment
Share on other sites

  • 7 months later...

I'm noticing that at least newer Android devices won't connect to Karma, as well as most Windows machines. Like previously mentioned they have to manually connect to the main SSID you're broadcasting. My MK4 doesn't even register the probes (if there are any) on the machines I've tested.

Link to comment
Share on other sites

I'm noticing that at least newer Android devices won't connect to Karma, as well as most Windows machines. Like previously mentioned they have to manually connect to the main SSID you're broadcasting. My MK4 doesn't even register the probes (if there are any) on the machines I've tested.

I have to disagree. I am rocking a Galaxy nexus 4.1.1 and it still works.

Best Regards,

Sebkinne

Link to comment
Share on other sites

these are my karma debug steps

check device to make sure karma is up and running ? - is karma enabled

get victim device and connect to an open wifi access point while making up the name like karmatest22

if it connects then karma is working.

anything else past that involves making sure the client is set to open networks, networks that do not broadcast and other things like that.

Link to comment
Share on other sites

I agree with Seb, I was using my Android phone as a victim in a class I taught recently and it worked fine.

If you ssh to the device and then tail the karma log in /tmp you'll see realtime everything that is happening, that may help work out what is going on.

Link to comment
Share on other sites

All I can say is that on my three test devices I'm unable to get them to autoconnect to a karma'd SSID. I have an Android phone (2.3.6), an Android tablet (4.0.3), and a Windows laptop. All of them have saved unsecure networks saved that they will autoconnect to when they get in range. No matter what I do I can't get them to autoconnect to the Pineapple. Some people do get connected though, I just can't replicate it.

Link to comment
Share on other sites

It would seem that an easy fix would be for Karma to have an option that would allow you to load in a list of popular open SSID's and then send two or three beacons for each SSID on the list. This might "wake up" the non-working devices since they are passively looking for known networks.

One of you could test this by running airbase-ng with the SSID you used on the phone.... Start and then stop it... then see if the client will connect via Karma on the pineapple...

Also could run mdk3 with the "b -f <SSID_List.txt>" Beacon Flood Mode switch.....

Edited by myst32
Link to comment
Share on other sites

Using an alternate tool to send the beacons would help but just as an FYI I tried to implement multiple beaconing in the hostapd drivers but due to restrictions on how the AP mode works at a low level it isn't technically possible to get more than about 4 different SSIDs in parallel. In my lab I only managed to get 2 working. I figured the benefit gained from a second wasn't wasn't worth the effort it would be to add it.

Link to comment
Share on other sites

Using an alternate tool to send the beacons would help but just as an FYI I tried to implement multiple beaconing in the hostapd drivers but due to restrictions on how the AP mode works at a low level it isn't technically possible to get more than about 4 different SSIDs in parallel. In my lab I only managed to get 2 working. I figured the benefit gained from a second wasn't wasn't worth the effort it would be to add it.

Where you creating real APs? I am just talking about generating fake beacons...

Link to comment
Share on other sites

SUCCESS...

I was able to "wake up" the target pc by generating "fake" beacons.

Here is my setup if others wish to test.

Target PC is a win7 laptop.

Removed all wireless networks and then created an open network called "test".

Set encryption to open

Selected "Connect automatically when this network is in range"

Did NOT select "Connect even if the network is not broadcasting its name (SSID)"

I then...

Booted BT5 on attacking laptop and hooked up pineapple.

Let set for several min... Win7 box did not connect and never sent a probe request.

I then...

Connected a ALFA AWUS036H to the BT5 laptop and placed it in monitor mode.

I then created a text file called "wifinames" with the following info...

attwife

crazy

test

openwifi

I then issued the following command..

airbase-ng --essids ./wifinames -c 11 mon0

I let it run for about 2 seconds and then killed it with Ctrl-C

Looked over at the pineapple and the light started flashing... checked command center and...

KARMA: Probe Request from XX:XX:XX:XX:XX:XX for SSID 'test'

KARMA; Successful Association of XX:XX:XX:XX:XX:XX

Check Win7 machine and it had indeed connected.

The idea here is to use airbase-ng to generate "fake" beacons.

Airbase-ng already has the capability to generate SSIDs from a list with the --essids command. So in theory we would just need to make a list of the most common open networks.

Feed this list to airbase-ng... let it run long enough to generate the beacons for each SSID and then shut it off. Karma will take care of the rest...

If you do not wish to use the file you can test using this command..

airbase-ng --essid <essid> -c 11 mon0

Please test for yourself....

Edited by myst32
Link to comment
Share on other sites

I'm just wondering if deauth would be possible to achieve the same results? I understand that deauth primarily is used to deauth client that are connected to AP, but would it also help in making clients aware of the fake net from the pineapple?

Myst32; Would this technique also apply for Android phones?

Link to comment
Share on other sites

I'm just wondering if deauth would be possible to achieve the same results? I understand that deauth primarily is used to deauth client that are connected to AP, but would it also help in making clients aware of the fake net from the pineapple?

Myst32; Would this technique also apply for Android phones?

I don't think the deauth would work because the target PC is not expecting them. I would guess the target would just drop the packet. Plus, unless you know the mac of the target the best you could do is broadcast deauth for a network the target is not even on.

I would think the trick above would work on a Android phone for the same reason it works on the Win7 box. However I do not have an Android phone to test with so I cant confirm this.

Link to comment
Share on other sites

my htc V android(4.0.3) connects to karma

my lenovo i3 laptop running centos or win7 connects to karma

my lenovo core2duo laptop running centos or win7 connects to karma

my asus atom netbook running centos connects to karma

my wm860 armbook connects fine with android, with WinCE i don't think auto connection is possible ? (i may be wrong)

my wrt54g v2.2 and wrt54gs v4 while running Gargoyle firmware in sta mode connect to karma with no problems

my ibook g3 (lol) connects to karma

my friends powerbook and ipad connects to karma

Blackberries and Wii's seem to connect Very easily

dont have anything else to test it on, sorry guys are having so many problems but i haven't had much

also just confirmed my roku2 connects with out issue and the only saved network is a wpa2

Edited by alextrebek
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...